Systems Theoretic Process Analysis (STPA) is a systematic approach to hazard analysis that has proven effective in the safety analysis of systems across industrial sectors, from transportation and energy to national defence. The unstoppable trend of using Machine Learning (ML) in safety-critical systems has created a pressing need to extend STPA to Learning-Enabled Systems (LESs). However, while such work has been carried out on various example systems, without a systematic review it is unclear how effective and generalisable the extended STPA methods are and, more importantly, whether further improvements can be made. To this end, we present our survey of 29 papers selected through a systematic literature search. We summarise and compare the relevant research from five perspectives (attributes of concern, object under study, modifications to STPA, derivatives of the analysis, and the process modelled as a control loop) and draw insights from the comparison. Furthermore, based on the survey results, we identify room for improvement and accordingly introduce a new method named DeepSTPA, which enhances STPA in two respects that are missing from the state of the art: (i) it explicitly models how the control loop structures are extended to identify hazards arising from the data-driven development process at every stage of the ML lifecycle; (ii) it models fine-grained functionalities down to the layer level of ML models in order to detect root causes. We demonstrate DeepSTPA through a case study on an autonomous underwater vehicle (AUV).